Description

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.

Remediation

References

CVE-2015-7371

Related Vulnerabilities

PHP Use of Externally-Controlled Format String Vulnerability (CVE-2015-8617)

OpenSSL Cryptographic Issues Vulnerability (CVE-2014-0076)

Joomla CVE-2021-23132 Vulnerability (CVE-2021-23132)

WordPress Plugin Google Maps Ready! Cross-Site Request Forgery (1.1.5)

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Cross-Site Scripting (1.11.18)

Severity

Medium

Classification

CVE-2015-7371 CWE-264

Tags

Missing Update Known Vulnerabilities